
Commit 11464d43c617db7b66a277d40c0a5138cc42dcbd

Authored by Prasad
1 parent 618b9ebb

Routing image validation in CompanyDetailsSave action to common function.

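--- a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
+++ b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php
@@ -19,25 +19,10 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac
 if ($request->get('organizationname')) {
 $saveLogo = $status = true;
 if(!empty($_FILES['logo']['name'])) {
-$logoDetails = $_FILES['logo'];
-$fileType = explode('/', $logoDetails['type']);
-$fileType = $fileType[1];
+$logoDetails = $_FILES['logo'];
+$saveLogo = Vtiger_Functions::validateImage($logoDetails);
+if (is_string($saveLogo)) $saveLogo = ($saveLogo == 'false')? false : true;
 
-if (!$logoDetails['size'] || !in_array($fileType, Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) {
-$saveLogo = false;
-}
-
-//mime type check
-$mimeType = vtlib_mime_content_type($logoDetails['tmp_name']);
-$mimeTypeContents = explode('/', $mimeType);
-if (!$logoDetails['size'] || $mimeTypeContents[0] != 'image' || !in_array($mimeTypeContents[1], Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats)) {
-$saveLogo = false;
-}
-// Check for php code injection
-$imageContents = file_get_contents($_FILES["logo"]["tmp_name"]);
-if (preg_match('/(<\?php?(.*?))/i', $imageContents) == 1) {
-$saveLogo = false;
-}
 if ($saveLogo) {
 $moduleModel->saveLogo();
 }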
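Review bot: The normalisation on new line 24 fails open, because `($saveLogo == 'false')? false : true` accepts every string except the exact literal 'false', so an empty string, 'False' or any other error string returned by Vtiger_Functions::validateImage() would still let saveLogo() run. Since this value gates writing an uploaded file, allowlist the success value instead, e.g. `$saveLogo = ($saveLogo === true || $saveLogo === 'true');` — this assumes validateImage() signals success with 'true' or boolean true, which is not visible here (only `$saveimage = 'false'` appears in the Functions.php section) and should be confirmed. The enclosing method starts and ends outside the hunk.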
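--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -606,7 +606,7 @@ class Vtiger_Functions {
 }
 
 //mime type check
-$mimeType = mime_content_type($file_details['tmp_name']);
+$mimeType = self::mime_content_type($file_details['tmp_name']);
 $mimeTypeContents = explode('/', $mimeType);
 if (!$file_details['size'] || strtolower($mimeTypeContents[0]) !== 'image' || !in_array($mimeTypeContents[1], $mimeTypesList)) {
 $saveimage = 'false';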
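Review bot: The MIME decision on new line 609 now rests on `self::mime_content_type()`, whose body is outside this hunk, and nothing here states what that helper inspects. A comment above the call would record the requirement, e.g. `// must sniff the uploaded bytes at tmp_name (fileinfo); never fall back to the client-supplied type or file name`, and if the helper has an extension-based fallback it should be confirmed that uploads cannot reach it. When the helper returns false the `explode()` result has no index 1, but the `!== 'image'` comparison short-circuits first, so the check on line 611 still rejects. The body of the enclosing function continues outside the hunk.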